IOS 11.4 Siri Auth Bypass | CVE-2018-4238
So this year in March i was just testing different settings of my iPhone that was running the latest IOS that time it was IOS 11.2.6 and i came across...
MuhammadKhizerJaved
How I was able to get subscription of $120/year For Free | Bug Bounty POC
About 2 Months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend as he was using WeTransfer Plus subscription that he bought for...
Security Researcher saved Careem from a Data Breach
Careem App is a car booking platform based in UAE which offers traveling services by which people can book a car on their doorstep in a couple of minutes. Careem...
Unrestricted File Upload to RCE | Bug Bounty POC
Hey Guys, Hope all of you guys are doing well, I’m an Active Bug Bounty participant, & also sometimes work as a Freelancer for some extra pocket money :p So...
My Guide to Basic Recon? | Bug Bounties + Recon | Amazing Love story.
Hi All, So I decide to write about the Love story between Bug Bounties & Recon. First of all I’m not much of an Expert so I’m just sharing my...
UBER Wildcard Subdomain Takeover | BugBounty POC
Hi All, So Last month i decided to test Uber for Fun & Profit, So while scanning for subdomains to target i found a subdomain “design.uber.com” While navigating to the...
Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION | BugBounty POC
What virtual hosts (or vhosts)? A single web server can be configured to run multiple websites at once, under different domain names. These are the virtual hosts (or vhosts) and...
What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?
The POST explains What is Subdomain Hijack/takeover Vulnerability, What are the Impacts of the Vulnerability & How can You prevent such attacks, In addition to this I Tried my best...
Exploiting Insecure Cross Origin Resource Sharing ( CORS ) | api.artsy.net
Hey guys! few Months a go i was testing different sites for CORS (Cross Origin Resource Sharing ) issues so that i can see what actually it is as i...
Bugcrowd’s Domain & Subdomain Takeover vulnerability!
Hey, I decided to Write about this Issue because I have seen some people are still confused about “Fastly error: unknown domain” Many Subdomains of BugBounty programs have This error...